| Author |
Message |
themode |
|
Post subject: Var Home_net question
 Posted: Nov 29, 2008 - 09:55 AM
|
|
Joined: Nov 29, 2008
Posts: 31
Status: Offline
|
|
Hi, our network is made up of 28 Class C segments. Can I then add all 28 segments to the home_net variable?
If so, is it appropriate to add them one after another seperated by a comma and letting it wrap around?
Are their any limitation to the amount of bytes that will be accepted by the variable?
Should I consider making Class B addresses in order to reduce the amount of variable data? There would be 3 Class B addresses. Are there Cons to doing this.
thanks |
|
|
| |
|
|
|
 |
|
Morpheus |
|
|
Post subject: RE: Var Home_net question
Posted: Nov 29, 2008 - 04:08 PM
|
|
Site Admin
Joined: Sep 04, 2003
East Coast - USA
Posts: 1418
Location: East Coast - USA
Status: Offline
|
|
| Give us an example of what you have, and it really doesn't matter if it's a A, B or C. HOME_NET was designed to be very flexable. |
_________________
Best regards,
Morpheus...
WINSNORT.com Management
|
| |
|
|
|
|
|
themode |
|
|
Post subject:
Posted: Dec 02, 2008 - 03:31 AM
|
|
Joined: Nov 29, 2008
Posts: 31
Status: Offline
|
|
Hi,
Here is the entry in snort.conf
# Set up network addresses you are protecting. A simple start might be RFC1918
var HOME_NET [142.19.92.0/24,142.19.200.0/24,142.19.201.0/24,142.19.203.0/24,142.19.206.0/24,172.21.1.0/24,172.21.2.0/24,172.21.3.0/24,172.21.16.0/24,172.26.0.0/24,172.26.1.0/24,172.26.2.0/24,172.26.8.0/24,172.26.14.0/24,172.26.15.0/24,172.26.17.0/24,172.26.20.0/24,172.26.22.0/24,172.26.31.0/24,172.26.32.0/24,172.26.33.0/24,172.26.33.0/24,172.26.36.0/24,172.26.66.0/24,172.26.67.0/24,172.26.68.0/24,172.26.69.0/24,172.26.70.0/24,172.26.240.0/24]
# Set up the external network addresses as well. A good start may be "any"
var EXTERNAL_NET !$HOME_NET
Thanks. |
|
|
| |
|
|
|
|
|
|
Powered by PNphpBB2 © 2003-2009. The PNphpBB2 Team
|
|
|
